
Thread: verification needed ,is this spyware????

  1. #1
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default verification needed ,is this spyware????

    Hi, I am no computer expert, but looking at these files of mine seems to tell me either: 1. I have a live hacker; 2. an over-suspicious girlfriend; 3. some form of government / public protection (as they would call it) program. I do also think my modem has been hijacked and maybe reading my cell phone info. I do have actual files which are in need of analytic eyes. I could be just paranoid???? Please help before I go mad chasing this around my C drive.
    Thanks,
    Mick

    P.S. DDS has been renamed "my porn" to try to throw off any chance of it being tampered with.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by admin at 18:55:08 on 2012-06-21
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.61.1033.18.3316.1110 [GMT 10:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Intel\AMT\atchksrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\tcpsvcs.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\AMT\UNS.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Intel\AMT\atchk.exe
    C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Intel\AMT\atchk.exe
    C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Intel\AMT\atchk.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
    uRun: [HijackThis startup scan] c:\program files\trend micro\hijackthis\HijackThis.exe /startupscan
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [SRSAENotifier] c:\program files\srs labs\srs audio essentials\AENotifier.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{1FF946B5-3569-49FD-B766-744DCCA3A297} : DhcpNameServer = 192.168.0.1
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ci05knef;Vba32 Armour Driver;c:\windows\system32\drivers\ci05knef.sys [2012-6-19 35904]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-20 654408]
    R2 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-21 50704]
    R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-6-20 439632]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-3-17 1153368]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2011-12-15 2521880]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-20 22344]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
    R3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [2012-5-1 404256]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-23 136176]
    S2 SRSHDAudioService;SRS HDAudio Lab Service;"c:\program files\common files\srs labs\srs hd audio lab service\srsaudiolabservice.exe" --> c:\program files\common files\srs labs\srs hd audio lab service\SRSAudioLabService.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-4 257696]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-5-26 30312]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-23 136176]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-5-26 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-5-26 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-5-26 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-5-26 114280]
    SUnknown MpKsl5cb10997;MpKsl5cb10997; [x]
    .
    =============== Created Last 30 ================
    .
    2012-06-21 08:42:12 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ad17be3a-25e4-497d-be8b-5553a624810c}\mpengine.dll
    2012-06-20 12:15:59 -------- d-----w- c:\programdata\Trend Micro
    2012-06-20 12:05:55 -------- d-----w- c:\program files\WinPcap
    2012-06-20 11:01:43 -------- d-----w- c:\program files\Safer Networking
    2012-06-20 08:42:26 6762896 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-06-19 14:12:04 -------- d-----w- c:\users\admin\appdata\local\MPlayer
    2012-06-19 11:31:27 388096 ----a-r- c:\users\admin\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-06-19 11:31:25 -------- d-----w- c:\program files\Trend Micro
    2012-06-19 09:29:57 35904 ----a-w- c:\windows\system32\drivers\ci05knef.sys
    2012-06-13 03:29:37 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    2012-06-13 03:29:37 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f469b385-4890-4ffe-87a5-3241d146f901}\gapaengine.dll
    2012-06-12 18:19:06 -------- d-----w- c:\users\admin\appdata\local\Apps
    2012-06-12 07:25:58 -------- d-----w- c:\users\admin\appdata\local\temp
    2012-06-12 07:25:08 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-06-10 16:18:51 98816 ----a-w- c:\windows\sed.exe
    2012-06-10 16:18:51 518144 ----a-w- c:\windows\SWREG.exe
    2012-06-10 16:18:51 256000 ----a-w- c:\windows\PEV.exe
    2012-06-10 16:18:51 208896 ----a-w- c:\windows\MBR.exe
    2012-06-08 13:42:43 -------- d-----w- c:\windows\system32\appmgmt
    2012-06-08 07:36:44 -------- d-----w- c:\program files\HP
    2012-06-06 12:36:38 -------- d-----w- c:\users\admin\appdata\local\Samsung
    2012-06-06 12:36:23 -------- d-----w- c:\users\admin\appdata\roaming\Samsung
    2012-06-06 12:04:42 -------- d-----w- c:\users\admin\appdata\local\Adobe
    2012-06-06 11:38:24 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
    2012-06-04 18:24:05 -------- d-----w- c:\program files\Yontoo
    2012-06-04 18:24:02 -------- d-----w- c:\programdata\Tarma Installer
    2012-06-03 07:42:50 -------- d-----w- c:\programdata\FilesOpened
    2012-06-03 07:41:41 -------- d-----w- c:\programdata\RegWork
    2012-06-03 07:41:28 -------- d-----w- c:\program files\Ask.com
    2012-06-03 07:41:12 -------- d-----w- c:\program files\RegWork
    2012-05-30 09:38:19 -------- d-----w- c:\program files\iPod
    2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-05-30 09:32:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2012-05-26 11:17:39 -------- d-----w- C:\Temp
    2012-05-26 00:37:30 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
    2012-05-26 00:37:30 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
    2012-05-26 00:37:30 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
    2012-05-26 00:37:30 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
    2012-05-26 00:37:30 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
    2012-05-26 00:37:30 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
    2012-05-26 00:37:30 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
    2012-05-26 00:37:30 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
    2012-05-26 00:37:30 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
    2012-05-26 00:37:30 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
    2012-05-26 00:37:30 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
    2012-05-26 00:36:38 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
    2012-05-26 00:36:38 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
    2012-05-26 00:36:38 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
    2012-05-26 00:36:38 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
    2012-05-26 00:36:38 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
    2012-05-26 00:36:38 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
    2012-05-26 00:36:38 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
    2012-05-26 00:35:37 4659712 ----a-w- c:\windows\system32\Redemption.dll
    2012-05-26 00:35:02 821824 ----a-w- c:\windows\system32\dgderapi.dll
    2012-05-26 00:35:02 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
    2012-05-26 00:35:02 -------- d-----w- c:\program files\MarkAny
    2012-05-26 00:33:59 -------- d-----w- c:\programdata\Samsung
    2012-05-26 00:33:59 -------- d-----w- c:\program files\Samsung
    2012-05-24 08:18:33 -------- d-----w- c:\program files\Morphyre
    2012-05-24 07:35:28 -------- d-----w- C:\inetpub
    2012-05-24 06:11:40 -------- d-----w- c:\programdata\SpeedMaxPc
    .
    ==================== Find3M ====================
    .
    2012-05-31 06:57:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-31 06:57:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-18 10:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-18 10:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    .
    ============= FINISH: 18:55:54.85 ===============
    Last edited by tashi; 2012-06-21 at 15:37. Reason: Copy pasted log into topic
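
As an added example (not part of the original thread and not code from the DDS or OTL tools), here is a small Python triage helper for the line formats posted in this thread: it parses the "SERVICES / DRIVERS" entries of a DDS log like the one above, plus the "SRV"/"DRV" and Internet Explorer search-scope lines of an OTL log, and reports the items an analyst would look at first: entries whose file is missing, kernel drivers written within a couple of weeks of the log, a watch-listed remote-capture service, and search scopes pointing somewhere other than the default engines. The watch-list, the allow-list of search hosts and the 14-day window are assumptions of the example; the sample lines are copied from the logs in this thread.

```python
"""Triage helper for the DDS and OTL line formats seen in this thread.

Added example, not part of the original post and not code from the DDS or OTL
tools. It parses the visible line formats and reports what an analyst would
look at first; the watch-list, search-host allow-list and 14-day window are
assumptions of this example, not something the thread states.
"""
import re
from datetime import date
from urllib.parse import urlsplit

# DDS "SERVICES / DRIVERS" entry, e.g.
#   R0 ci05knef;Vba32 Armour Driver;c:\windows\...\ci05knef.sys [2012-6-19 35904]
# State R/S = running/stopped, digit = start type; "[x]" or "[?]" = no file found.
DDS_ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>\d|Unknown)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\])?\s*$"
)
# OTL service / driver line, e.g.
#   SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
OTL_SVC = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\).*?-- (?P<rest>.*)$")
# OTL Internet Explorer search-scope line; only the URL is needed.
OTL_SCOPE = re.compile(r'SearchScopes\\\{[0-9A-Fa-f-]+\}: "URL" = (?P<url>\S+)')

# Assumptions for this example: which search hosts are "expected", and which
# service names deserve a question regardless of whether their file exists.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}
WATCHLIST = {"rpcapd": "WinPcap remote packet capture daemon; confirm it is intentional"}


def parse_dds_entry(line):
    """Return a dict for one DDS service/driver line, or None for anything else."""
    m = DDS_ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["path"] = e["path"].strip()
    if e["date"]:
        y, mo, d = (int(x) for x in e["date"].split("-"))
        e["date"] = date(y, mo, d)
    e["size"] = int(e["size"]) if e["size"] else None
    return e


def triage_dds(lines, log_date, recent_days=14):
    """Flag DDS entries: missing files, and kernel drivers written shortly before the log."""
    findings = []
    for line in lines:
        e = parse_dds_entry(line)
        if e is None:
            continue
        if e["path"] in ("", "[x]") or e["path"].endswith("[?]"):
            findings.append((e["name"], "file missing or path unknown"))
            continue
        age = (log_date - e["date"]).days if e["date"] else None
        if e["path"].lower().endswith(".sys") and age is not None and age <= recent_days:
            findings.append((e["name"], f"driver written {age} days before the log"))
    return findings


def triage_otl(lines):
    """Flag OTL lines: watch-listed services, missing files, non-default IE search scopes."""
    findings = []
    for line in lines:
        line = line.strip()
        m = OTL_SVC.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            if name in WATCHLIST:
                findings.append((name, WATCHLIST[name]))
            elif rest.endswith("File not found"):
                findings.append((name, "service/driver file not found"))
            continue
        m = OTL_SCOPE.search(line)
        if m:
            host = urlsplit(m.group("url")).hostname or ""
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append((host, "IE search scope points at a non-default engine"))
    return findings


# Constructed sample: a handful of lines copied from the logs posted in this thread.
LOG_DATE = date(2012, 6, 21)  # date the DDS log above was taken
SAMPLE_DDS = [
    r"R0 ci05knef;Vba32 Armour Driver;c:\windows\system32\drivers\ci05knef.sys [2012-6-19 35904]",
    r"R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]",
    r"R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]",
    r"R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-20 22344]",
    r'S2 SRSHDAudioService;SRS HDAudio Lab Service;"c:\program files\common files\srs labs\srs hd audio lab service\srsaudiolabservice.exe" --> c:\program files\common files\srs labs\srs hd audio lab service\SRSAudioLabService.exe [?]',
    r"SUnknown MpKsl5cb10997;MpKsl5cb10997; [x]",
]
SAMPLE_OTL = [
    r"SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found",
    r"SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)",
    r"DRV - (catchme) -- C:\Users\mic\AppData\Local\Temp\catchme.sys File not found",
    r'IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC',
    r'IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{4E398B64-32F0-49C2-9873-FEBBD6D2AD8F}: "URL" = http://www.oolone.com?search={searchTerms}&source=IE',
    r'IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}',
]

if __name__ == "__main__":
    for name, reason in triage_dds(SAMPLE_DDS, LOG_DATE) + triage_otl(SAMPLE_OTL):
        print(f"{name:20} {reason}")
```

The output is a list of starting points, not verdicts: a recently written driver is just as consistent with a fresh install as with an infection (the OTL log later in the thread shows ci05knef.sys is signed by VirusBlokAda, the Vba32 vendor), and a "File not found" service is usually a leftover from an uninstall. What the helper does is pull those items out of several hundred lines so a human can check each one deliberately instead of reading the whole log by eye.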

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Stamford, CT
    Posts
    13,356

    Default



    Sorry for the delay, but sometimes a log or two falls through the cracks. If you still need help, let's run OTL and see what's going on.


    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default

    Hi, and thanks for helping me out. I have run OTL but could not find Extras, but I have a log from 19/6/2012 which I have added. Also, I have 2 systems which may be affected: the original is a Dell OptiPlex 755, and also a Dell OptiPlex 745, the latter of which is not as bad. I am finding hidden text, files which I cannot open and check boxes that I cannot check; I also think web pages are not legitimate and have expired security certs. I look forward to your response. Thanks again,

    mick

  4. #4
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default

    Here are the OTL logs.


    OTL logfile created on: 1/07/2012 2:16:18 PM - Run 3
    OTL by OldTimer - Version 3.2.53.0 Folder = E:\
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.24 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 46.90% Memory free
    6.70 Gb Paging File | 4.99 Gb Available in Paging File | 74.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 28.87 Gb Free Space | 38.75% Space Free | Partition Type: NTFS
    Drive D: | 76.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 3.74 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32

    Computer Name: ADM-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - E:\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe (Apache Software Foundation)
    PRC - C:\Program Files\Spiceworks\bin\spiceworks.exe (Spiceworks, Inc.)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (Trend Micro Inc.)
    PRC - C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
    PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Windows\System32\wsqmcons.exe (Microsoft Corporation)
    PRC - C:\Program Files\Intel\AMT\UNS.exe (Intel)
    PRC - C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
    MOD - C:\Windows\System32\igfxTMM.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (SRSHDAudioService) -- C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe File not found
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe File not found
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (spiceworks) -- C:\Program Files\Spiceworks\bin\spiceworks.exe (Spiceworks, Inc.)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
    SRV - (RUBotSrv) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (Trend Micro Inc.)
    SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (UNS) Intel(R) -- C:\Program Files\Intel\AMT\UNS.exe (Intel)
    SRV - (atchksrv) Intel(R) -- C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
    SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel)


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (catchme) -- C:\Users\mic\AppData\Local\Temp\catchme.sys File not found
    DRV - (MpKsl89d0f867) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF88B44A-AF4E-4381-B890-8E11C1A9A7F4}\MpKsl89d0f867.sys ()
    DRV - (ci05knef) -- C:\Windows\System32\drivers\ci05knef.sys (VirusBlokAda Ltd.)
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (SRS_AE_Service) -- C:\Windows\System32\drivers\SRS_AE_i386.sys ()
    DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
    DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
    DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
    DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
    DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
    DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
    DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
    DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\adm\Desktop
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/?ocid=OIE9HP
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{4E398B64-32F0-49C2-9873-FEBBD6D2AD8F}: "URL" = http://www.oolone.com?search={searchTerms}&source=IE
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enAU476
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = E:\
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/?ocid=OIE9HP
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enAU476
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au/?ocid=OIE9HP
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/?ocid=OIE9HP
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\..\SearchScopes,DefaultScope = {EBE9E25F-F8A2-4714-87DA-C6ECEE8FA6BF}
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\..\SearchScopes\{EBE9E25F-F8A2-4714-87DA-C6ECEE8FA6BF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
    IE - HKU\S-1-5-21-486152668-397904260-1212551728-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/22 23:50:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/06/22 23:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/15 08:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/06/15 09:02:29 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/06/15 09:02:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/15 09:02:29 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/06/15 09:02:29 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/06/15 09:02:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/06/15 09:02:29 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/06/11 02:28:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
    O4 - HKU\S-1-5-21-486152668-397904260-1212551728-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-486152668-397904260-1212551728-1001..\Run: [SRSHDAudioLab] "C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe" auto File not found
    O4 - HKU\S-1-5-21-486152668-397904260-1212551728-1002..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-486152668-397904260-1212551728-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-486152668-397904260-1212551728-500..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-486152668-397904260-1212551728-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex File not found
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\suzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-486152668-397904260-1212551728-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-486152668-397904260-1212551728-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKU\S-1-5-21-486152668-397904260-1212551728-1002\..Trusted Domains: google.com.au ([www] https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FF946B5-3569-49FD-B766-744DCCA3A297}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/24 08:57:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
    [2012/06/24 08:53:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
    [2012/06/24 08:52:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
    [2012/06/23 17:41:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Favorites\Documents\TagsRevisited
    [2012/06/23 15:43:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiceworks
    [2012/06/23 15:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spiceworks
    [2012/06/23 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
    [2012/06/23 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
    [2012/06/23 15:02:03 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2012/06/23 15:02:03 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
    [2012/06/23 15:02:03 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/06/23 15:01:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
    [2012/06/23 15:01:53 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
    [2012/06/22 23:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/06/22 23:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/06/22 23:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/06/22 23:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedMaxPc
    [2012/06/22 18:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/06/22 18:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/06/22 18:05:28 | 000,772,552 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/06/22 18:05:28 | 000,687,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012/06/22 18:05:28 | 000,227,784 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/06/22 18:05:05 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/06/22 18:05:05 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/06/22 18:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/06/22 18:04:03 | 000,000,000 | ---D | C] -- C:\Sun
    [2012/06/22 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
    [2012/06/22 13:38:13 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
    [2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
    [2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
    [2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
    [2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
    [2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
    [2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
    [2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
    [2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
    [2012/06/22 13:38:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Favorites\Documents\My Videos
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Favorites\Documents\My Pictures
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Favorites\Documents\My Music
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
    [2012/06/22 13:38:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
    [2012/06/22 13:38:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
    [2012/06/22 13:38:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
    [2012/06/22 13:38:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData
    [2012/06/22 13:19:00 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
    [2012/06/22 13:19:00 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftsrch.dll
    [2012/06/22 13:19:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftlx041e.dll
    [2012/06/22 13:19:00 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftlx0411.dll
    [2012/06/22 06:59:51 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2012/06/22 06:59:51 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2012/06/22 06:59:39 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2012/06/22 06:59:39 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2012/06/22 06:59:39 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2012/06/22 06:59:34 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2012/06/22 06:59:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2012/06/22 06:08:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/20 22:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
    [2012/06/20 22:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    [2012/06/20 22:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
    [2012/06/20 22:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
    [2012/06/20 21:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
    [2012/06/20 21:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
    [2012/06/19 21:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/06/19 19:29:57 | 000,035,904 | ---- | C] (VirusBlokAda Ltd.) -- C:\Windows\System32\drivers\ci05knef.sys
    [2012/06/18 22:33:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/06/11 02:30:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/11 02:18:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/11 02:18:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/11 02:18:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/11 02:18:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/06/11 01:32:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/08 23:42:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2012/06/08 17:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2012/06/05 19:23:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
    [2012/06/05 04:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
    [2012/06/05 04:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2012/06/03 17:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FilesOpened
    [2012/06/03 17:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\RegWork
    [2012/06/03 17:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FilesOpened
    [2012/06/03 17:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2012/06/03 17:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\RegWork
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/01 14:05:33 | 000,638,920 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/01 14:05:33 | 000,116,630 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/01 14:02:42 | 000,000,272 | ---- | M] () -- C:\Users\Administrator\Desktop\OTL - Shortcut.lnk
    [2012/07/01 13:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/01 13:18:32 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 13:18:32 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/01 12:55:39 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/01 11:18:33 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2012/07/01 11:18:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/01 11:18:30 | 3477,716,992 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/28 17:59:59 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
    [2012/06/24 10:45:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/06/24 10:45:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/06/24 09:38:15 | 000,001,344 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk.colors
    [2012/06/24 08:52:57 | 000,001,028 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    [2012/06/23 18:49:28 | 000,143,125 | ---- | M] () -- C:\Users\Administrator\rubygems-1.8.21.zip.s7cp9kw.partial
    [2012/06/23 17:15:20 | 000,000,938 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2012/06/23 16:44:53 | 000,246,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/06/23 15:43:37 | 000,000,868 | ---- | M] () -- C:\Users\Administrator\Desktop\Spiceworks Desktop.lnk
    [2012/06/23 15:02:05 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/06/23 15:01:30 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc.job
    [2012/06/23 09:24:52 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
    [2012/06/22 23:51:02 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/06/22 18:04:54 | 000,772,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/06/22 18:04:54 | 000,687,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012/06/22 18:04:54 | 000,227,784 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/06/22 18:04:54 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/06/22 18:04:54 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/06/21 09:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job.bak
    [2012/06/21 09:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job.bak
    [2012/06/19 19:29:57 | 000,035,904 | ---- | M] (VirusBlokAda Ltd.) -- C:\Windows\System32\drivers\ci05knef.sys
    [2012/06/18 22:33:24 | 311,289,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/06/11 02:28:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/06/05 19:25:57 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix*it Center.lnk
    [2012/06/05 19:24:53 | 352,059,392 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
    [2012/06/05 19:24:51 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
    [2012/06/05 19:24:51 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
    [2012/06/03 08:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2012/06/03 08:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2012/06/03 08:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2012/06/03 08:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2012/06/03 08:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/01 14:02:42 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Desktop\OTL - Shortcut.lnk
    [2012/06/24 09:38:09 | 000,001,344 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk.colors
    [2012/06/24 08:52:57 | 000,001,028 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    [2012/06/24 08:45:50 | 3477,716,992 | -HS- | C] () -- C:\hiberfil.sys
    [2012/06/23 18:49:25 | 000,143,125 | ---- | C] () -- C:\Users\Administrator\rubygems-1.8.21.zip.s7cp9kw.partial
    [2012/06/23 17:15:20 | 000,000,938 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2012/06/23 15:43:37 | 000,000,868 | ---- | C] () -- C:\Users\Administrator\Desktop\Spiceworks Desktop.lnk
    [2012/06/23 15:02:05 | 000,000,949 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/06/23 15:02:02 | 000,000,944 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/06/23 15:01:53 | 000,000,915 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    [2012/06/22 23:51:02 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/06/22 23:51:02 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/06/22 23:17:50 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
    [2012/06/22 23:17:14 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
    [2012/06/22 23:17:13 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc.job
    [2012/06/22 20:55:23 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/22 18:04:24 | 000,000,943 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/06/22 13:38:13 | 000,000,258 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2012/06/22 13:38:13 | 000,000,240 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2012/06/18 22:33:24 | 311,289,054 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/06/11 02:18:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/11 02:18:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/11 02:18:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/11 02:18:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/11 02:18:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/10 10:17:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
    [2012/06/05 19:05:36 | 352,059,392 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
    [2012/06/05 19:05:36 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
    [2012/06/05 19:05:36 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
    [2012/05/03 15:17:10 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/05/01 07:06:30 | 000,404,256 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AE_i386.sys
    [2012/03/23 13:02:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2012/03/23 13:02:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2012/03/23 13:01:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2012/03/18 16:11:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/12/15 12:28:59 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2011/12/15 12:28:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2011/12/15 12:28:59 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
    [2011/12/15 12:28:59 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

    ========== LOP Check ==========

    [2012/03/22 16:03:09 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\DriverCure
    [2012/03/21 14:23:14 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\OpenOffice.org
    [2012/06/13 14:18:36 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\Samsung
    [2012/05/24 16:11:53 | 000,000,000 | ---D | M] -- C:\Users\adm\AppData\Roaming\SpeedMaxPc
    [2012/03/17 18:30:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org
    [2012/06/06 22:36:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Samsung
    [2012/06/24 08:52:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
    [2012/06/22 23:17:21 | 000,000,000 | ---D | M] -- C:\Users\mic\AppData\Roaming\DriverCure
    [2012/06/22 23:17:21 | 000,000,000 | ---D | M] -- C:\Users\mic\AppData\Roaming\SpeedMaxPc
    [2012/05/18 01:28:21 | 000,000,000 | ---D | M] -- C:\Users\mick\AppData\Roaming\OpenOffice.org
    [2012/03/18 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\suzi\AppData\Roaming\OpenOffice.org
    [2012/05/26 10:39:08 | 000,000,000 | ---D | M] -- C:\Users\suzi\AppData\Roaming\Samsung
    [2012/06/28 18:45:47 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/06/28 17:59:59 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Registration3.job
    [2012/06/23 09:24:52 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Update3.job
    [2012/06/23 15:01:30 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc.job

    ========== Purity Check ==========



    < End of report >
    Last edited by ken545; 2012-07-01 at 12:03.

  5. #5
    Security Expert ken545
    Join Date
    Nov 2005
    Location
    Stamford, CT
    Posts
    13,356

    Default

    Good Morning,

    Nothing earth-shattering on your OTL log. I would prefer that you copy and paste the logs into this thread in lieu of attaching them; it's easier for these old eyes to analyze.

    Also, we just do one computer at a time per thread or, believe me, it could get pretty confusing, so just run the scans and post the logs on the one we are working on, and when we're done I will close this thread and you can start a new topic for the other one.


    I see by your OTL log that you have run Combofix prior to posting. Not a good idea: if you run it on your own, this forum, sUbs and I will not be responsible.


    Is this computer a home computer? I see you're running Vista Business edition.



    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      [2012/06/03 17:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <-- Not Run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces






    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default

    Hi, ran what you asked; had to do OTL in 2 stages, kill processes and then the commands [don't know if that will affect the results????]. I reloaded MBAM, as I fear the original is corrupted, downloaded updates and ran quick scan as asked. Looked at the logs and it says download not completed [as MBAM ran its setup the computer shut down as if rebooting; I don't remember it ever doing that before?]. Also we are having trouble logging on to wi-fi on our cell phones, don't know if any of it could be related; maybe I could have a setting wrong or something as I am not too familiar with Vista. Thanks for your time once again, and anything else you require me to implement will be done as instructed.

  7. #7
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default

    Here is the protection log; I had to zip the OTL log.

  8. #8
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default

    Here is the scan log.

  9. #9
    Security Expert ken545
    Join Date
    Nov 2005
    Location
    Stamford, CT
    Posts
    13,356

    Default

    I would prefer that you copy and paste the logs into this thread in lieu of attaching them; it's easier for these old eyes to analyze.



    Looking ok, how are things running now ?

  10. #10
    Member
    Join Date
    Mar 2012
    Posts
    32

    Default

    Things seem ok, but Ask toolbar has not been removed?? I know this is/was part of the problem, along with Alot toolbar.
